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AMENDMENTS TO THE CLAIMS 
This listing of claims will replace all prior versions, and listings, of claims in the 

application: 

Listing of claims: 

1 . (currently amended) A method for validating credentials comprising: 

inputting at a first svst ejOQLtha t grants session credentials based on successful 

authentic ation^ a request from a cIi.eni. t o access a nrotej^cjj.resource on the first system: 

determining, at a-tb^first system that grants - s e ssion cr e d e ntials based < » fl 
au coos o f ul auth e ntication at the firct system or successful authentication at a second system^ - that 
a client does not have a valid session credential granted by the first system; 

retrieving, at the first system, information from a session token held by the client, 
the inform ation being retrieved from the client, the information corresponding to a possibl e 
session credential for the second syste m, the second svstem- tha^ -Qlg rants session credentials 
based on successful authentication at the second system , and (2) igcIud.es,a^p r otected resource 
on the second system that i s accessi ble bv the client : 

the first system presenting at least some of the information from the session 
token to the second system; 

the fi rst system inputting a determinatio n from the second system that the client 
has a valid s ession crede ntial with the second system: and 

the first system granti ng access, to the nrotectejlj:ej$.o.nrce pn„th e first sy stem. 

t gdetermining whet her the client based on the determination from the second system that the 

client has a valid se ssion credential with th e second system has a valid sessfea cr e dential rrranterl 
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by the gocond system: rind 

d e t e rmining at tho second systcm - whothor the? client har, a valid session credential 

grant e d by the first system, so as to authenticate at the se c ond system . 

2. (previously presented) A method according to claim I , farther comprising 
granting a session credential to the client by the first system, after determining that the client 
has a valid session credential granted by the second system. 

3. (previously presented) A method according to claim 1, further comprising 
sending a session token to the client, the token corresponding to a session credential granted by 
the first system. 

4. (previously presented) A method according to claim 1, further comprising 
directing the client to the second system to establish a session credential based on successful 
authentication at the second system, after determining that the client does not have a valid 
session credential granted by the second system. 

5. (previously presented) A method according to claim 1, further comprising 
directing the client to the first system to establish a session credential based on successful 
authentication at the first system, after determining that the client does not have a valid session 
credential granted by the second system. 

6. (previously presented) A method according to claim 1 , further comprising 
maintaining the client session credential granted by the second system. 

7. (Canceled) 

8. (original) A method according to claim 1 % wherein retrieving information 

from the session token held by the client comprises: 
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sending a query to the client from the first system, the query including 
identification as originating from a domain name corresponding to the second system; and 
receiving a response to the query. 

9. (currently amended) A method for validating session credentials of a 
client comprising: 

in-putting, at a first, system that grants sessi on cr edentials based on successful 
authentication, a ren uest from a client to access a protected resource on the first system: 

determining, at a-the first system that grants se s sion credentials based Oft 
s ucc e ssful authentication at the first system or successful authentication at a s e cond systenvt hat 
a client does not have a valid session credential granted by the first system; 

retrieving, at the first system, information from a session token held by the client, 
the information being retrieved f rom the client, t he information corresponding to a session 
credential for the second system that grants session credentials based on successful 
authentication at the second system, and the second system including a protected resource that 
j&^ces sible by the client , wheFein^^retrieving information from the session token held by the 
client comprises receiving a session token from the client corresponding to the second system; 

presenting at least some of the information from the session token to the second 

system; 

determining whether the client has a valid session credential granted by the 
second system, wherein t hejjetejrmining whether the client has a valid session c redential 
granted by the second system is at least partially from presenting information from the session 
token; 
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— tho riT * r S^Stggj ^putting a determination from the second svstem_that the client 

has a valid session crertemifl] with the second system: 

granting a session credential to the client on the first system, after determining 
that the client has a valid session credential granted by the second system; 

sending a session token to the client, the session token corresponding to the 
session credential granted by the first syste m, the session token allowing the client access to 
protected resources on the first svsrem : and 

maintaining the client session efedeftfebcredential^^mfl- 

d e t e rmining at tho second system wheth e r the client has a valid session credential 

granted by the first s ystem, so as to authonti e at e at the second system . 

10. (currently amended) Computer executable software code stored on a 
computer-readable medium and transmitted as an information signal, the code for validating 
credentials, the code comprising: 

code to inpu l_a.t_a first system that grants session credentials based on successful 
authentication, a request from a client to access a protected resource on thejjrst syste m; 

code to determine, at ar-thefirst system, tb at grants session cre de ntials bused on 
successful-a u th e ntication at tho first system or s u ccessful authentica t ion at n s e cond system, that 
a client does not have a valid session credential granted by the first system; 

code to retrieve, at the first system, information from a session token held by the 

client, the information corresponding to apot^ibte-session credential for the second system that 

grants session credentials based on successful authentication at the second system., t he second 

system including a protected resource that is accessible bv the client: 
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code to present at least some of the information from the session token to the 
second system; and 

code to determine input, from the second system to the first system^a 
determination whether the client has a valid session credential granted by the second system; 
and 

_, code t Q grant access to the protected resource on the first system, to the client based on 
the determination from the second system that the client has a v alid session credential with the 
secpnd sysloni.j -aftd 

codo to determine at the second syst e m whether tho client has a valid scssie a 

credential granted by th e first system, so - as to authenticate at tho second system. 

1 1 . (currently amended) A computer readable medium having computer 
executable code stored thereon, the code for validating credentials, the code comprising: 

code to i nput at a first system that p yants session credentials based on successful 
authentication, a reques Lfroro a client to access a protected resource on the.first system: 

code to determine, at a-tfiejirst system that grants flossiorhe geden tialii based on 
succ e ssful authenticatio fl- at th e first system or successful authentication at a s o cond s ystem, t hat 
a-Ihfc.client does not have a valid session credential granted by the first system; 

code to retrieve from the client , at the first system, information from a session 
token held by the client, the information corresponding to a possible session credential for the 
second system that grants session credentials based on successful authentication at the second 
systemandLtha t has a protected resource tha t is accessible by the client : 
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code to present at least some of tbe information from the session token to the 
second system; and 

code to input, from the second system to fhe_first system, a determination 
d e termine whether the client has a valid session credential granted by the second syste m: and 
code to p^an t access to t he protect ed resource on, the first system, tojhe client based on 
the determination from the second system that the client has a valid session credential with the 
second system ,j -afl4 

code to d e termine at the second sy?item whether t he client hag a valid soss k>ft 

c fe d e ntial granted by tho first system, so as -t e - auth e nticate at the - aocond system . 

12. (currently amended) A programmed computer for validating 
credentials, comprising: 

a memory having at least one region for storing computer executable program 

code; and 

a processor for executing the program code stored in the memory, wherein the 
program code comprises: 

code to input, at a first_system that grant s s ession credentials based on successful 
authentica tion, a request from a client to a ccess a protected resource on the first system: 

code to determine, at a-fligjirst system that grants session cred e ntials based on 
succ e ssful authentication at die first syniom or suocojuful auth e ntication at a second system, that 
a-the^client does not have a valid session credential granted by the first system; 

code to retrieve, at the first system, information from a session token held by the 
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client, the information corresponding to a possible-session credential for the second system that 
grants session credentials based on successful authentication at the second system , the second 
system including a protected resource th at is accessible bv the client : 

code to present at least some of the information from the session token to the 
second system; and 

code to inuut. from thesccond system to the first system T a 
deteTTriination4ete^mk^- whether the client has a valid session credential granted by the second 
systemj-arel _and 

code to grant access to the protected resource on the first a stern, to the client 
based on the determination from th e^second system that the client has a valid session credential 
Hdth the second system, 

~ codo to dotermine at the second system whethe r tho cli e nt has a valid s es sio n 

cr e d e ntial granted by the first system, - so as to authenticate at tho Gocond system . 

13. (currently amended) A method for establishing session credentials 

comprising: 

inputting , at a first syste m that grants session credentials based on successful 
authentication, a req uest from a client to access a protected resou rce on the fir st system: 

determining a t the first system t hat a-tf^cjient does not have a valid session 
credential granted by a first syste m based on- s wcc e sHful authontioation - at th e first ? iy?jtem or 
success f ul authentication at a Gocond ays torn ; 

determining that a-theclient does not have a valid session credential granted by 

the-ajecond system based on successful authentication at the second system; 
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sending, from the first system to the client, a log in page; 

receiving, at the first system from the client, log in information; 

sending, from the first system to the second system, the log in information; and 

receiving, at the first system from the second system, information corresponding 
to a session credential granted by the second system, the session credential granted by the 
second system based at least in part on the log in information and successful authentication at 
the second system ^thg_S£SQjod-SVStem being one EhaLXD-^rants session credentjals_b ased _p_n 
successful authentication at the second system, and (T\ includes a pro tected resource on the 
se.CP.n d, system that is accessible bv the client: and 

the first s ystem granting; access, to a protected resource on the fir st system, to the 
client based on the determination from the second system that the clienr has invalid session 
credential with the second sy stem^-and 

- det e rmining at the second syst e m whether tho client has a valid session credential 

granted by the first s ystem, so as to auth e nticate at the second s y stem . 

14. (previously presented) A method according to claim 13, further 
comprising granting a session credential for the first system, 

15. (previously presented) A method according to claim 13, further 
comprising granting a session credential for the second system. 

16. (previously presented) A method according to claim 13, further 
comprising associating session credentials for the first system and the second system with the 
client. 

17. (currently amended) A method for establishing session credentials for a 

9 



PAGE 10/23 4 RCVD AT 8/24/2006 10:12:45 PM [Eastern Daylight Time] ' SVfcUSPTO-EFXRF-2/15 * DWS:2738300 * CSID:+8047888383 * DURATION (mm-ss):05-58 



08-24-2006 22:08 Fron-Hunton & Will i atns 



T-463 P. 011/023 F-596 



+8047888383 



PATENT APPLICATION 10/026,403 
ATTORNEY DOCKET: 72167.000570 



client, the method 
comprising: 

= inputting, at a first system that grants session credentials based on successful 

authentication, a request from a cl ient to acces s a Protected resnnr^ r > n the first system : 

determining that a-tfae_client does not have a valid session credential granted by a 
thgjirst system basod on successful authentication - at the? first system or successful 
authentication at a second GyGlom ; 

inputting information at the first svstem^from rhe second system, that 
the dotomuning that a = client does not have a valid session credential granted by the second 
syste m, the second system includin g a protected resource based nn r m „ rnn rr F»\ aafeefltfeaftefl ^ 
tho socond system ; 

sending, from the second system to the client, a log in page; 

receiving, at the second system from the client, log in information; and 

sending, from the second system to the first system, information corresponding 
to a session credential granted by the second system, the session credential granted by the 
second system based at least in pan on the log in information and successful authentication at 
the second system; and 

granting a session credential co the client f or the first system , such that the client 
is framed ac cess to a protected resource on the first svstem.^ and 

determining at the second uyntem whether tho client has a valid sos frie n cr e dential 

granted by th e first sy ste m, no as to authen ti cate at the second systom. 

1 8. (original) A method according to claim 17, further comprising granting a 
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session credential for the second system. 

19, (original) A method according to claim 17, further comprising associating 
session credentials for the first system and the second system with the client. 

20. (currently amended) A method for validating credentials comprising: 
inputting, at a first system th at grants session credentials base,dLon successful 

authentication, a request from a client to aggggs a pmt^H rgsQU^g ™ fcfi fast SgSggm 

determining, at a-thg_first system that grants soocion credentials based on succes s ful : 
authenticatio j- KM the firjt systoin - or successful aathenti cation at a - socond system, t hat a client 
does not have a valid session credential granted by the first system; 

redirecting the client to the second system that grants session credentials based 
on successful authentication at the second syste m the second system having a protected 
resource that is accessible by the client : 

sending, from the second system to the first system, session credentials granted 
by the second system; 

sending, from the first system to the second system, the session credentials 
granted by the second system; 

determining, at the second system, that the session credentials granted by the 
second system, and received from the first system, arc valid; and 

sending, from the second system to the first system, information indicating that 
the session credentials granted by the second system are valid^-ae4 

■ — d e t e rmining at the second s yst e m whether the client has a valid session credential 

granted by the first i i yr.tem, so as to au t h e nticate at the second system . 
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21. (original) A method according to claim 20, further comprising granting 
the client session credentials for the first system. 

22. (Canceled) 
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